OWASP / owasp-mastg

The Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes the technical processes for verifying the controls listed in the OWASP Mobile Application Security Verification Standard (MASVS).
https://mas.owasp.org/
Creative Commons Attribution Share Alike 4.0 International

0x5d Test Case: Update Testing for Sensitive Data in Memory on Android #478

Closed sushi2k closed 7 years ago

sushi2k commented 7 years ago

https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#testing-for-sensitive-data-in-memory

sushi2k commented 7 years ago

Hi @pmilosev. Any update for this test case?

Naushad007 commented 7 years ago

Testing for Sensitive Data in Local Storage...SQLite Databases

commjoen commented 7 years ago

@Naushad007 is that not more on sensitive data in storage? Because on storage you would need to test for:

Naushad007 commented 7 years ago

Thanks @commjoen, I will follow up that stream.

sushi2k commented 7 years ago

Hi @Naushad007. This issue is about sensitive data exposed in the memory, not the file system.

Do you want to work on this ticket? If so, please create a PR and I can assign the ticket also to you. I think @pmilosev is still busy at the moment and couldn't find time to update the test case.

pmilosev commented 7 years ago

Sorry, a few escalations at work and the plan goes out of the window. I'm on vacation for the next few weeks, so I'll try to do at least some contribution, but let's not promise much. I still have this project on my agenda though ;)

sushi2k commented 7 years ago

Noted and understood. Just wanted to ping you :-)

pmilosev commented 7 years ago

I've started reviewing and editing this chapter.

pmilosev commented 7 years ago

Done, check the linked pull request #675.